Biometrics

Be it Henry Ford with his automobile, or in this case, Henry Faulds, the guy who discovered fingerprints and their uniqueness

Way back in the 1880s, while in Japan, Henry Faulds studied the prints left behind by craftsmen on ancient clay fragments. He then went on to study his own and his colleagues' fingerprints. This convinced him that each individual had unique fingerprints. A little later, a fellow worker was arrested by the police for a petty crime. Faulds exonerated the man by showing that the finger prints on the crime scene did not match with those of his friend.

Thus began the journey of the most promising science of identification and recognition: Biometrics. Today, apart from fingerprints (and palm prints for that matter), we have discovered facial recognition, DNA, retinal scanning and voice recognition.

What Is Biometrics?
Biometrics can be defined as the technique of studying the physical characteristics of a person such as fingerprints, hand geometry, eye structure etc. to establish his or her identity. This science is primarily implemented to identify individuals.

Why Biometrics?
The use of biometrics is no longer restricted to defense establishments or sensitive areas. An increased need for security has prompted even everyday office goers to install fingerprint recognition devices to boot up their laptops, thumb drives and other daily use gadgets.

The question is, why? Why isn't the 16-digit password good enough? Simply because fingerprints are more secure. A password is breakable and anyone with basic knowledge of computers can crack passwords using the myriad free programmes available on the Internet.

For obvious reasons, a fingerprint, however, is difficult to fake without the help of the owner. It is also a lot more convenient to simply place your finger on to a scanner instead of remembering a long and complex series of characters and their cases. To make matters worse, they should, ideally, have no correlation whatsoever. So essentially, for maximum security, your password should be an alphanumeric 'word' that doesn't mean anything. Go figure!

How Biometric Processes Work
The concept of Biometric verification is simple. The system has some pre-stored data. When you approach the system (say a fingerprint scanner), your finger is scanned and matched with a record of fingerprints already in its database. Only when it finds a match, access is granted. The concept might be simple, but the process is quite ingenious.

Fingerprint Scanning
Humans have fingerprints for the exact same reason that tyres have treads. It helps in better grip and, by a bizarre twist of nature, different people have entirely different sets of fingerprints, which enables identification.

A fingerprint is made up of ridges and valleys (lines and the gaps separating them) and it is these ridges and valleys which are scanned to verify the authenticity of a print.
To authenticate a set of prints, a scanner needs to do two things: first, it needs to get the image of the prints which are to be authenticated, and second, it needs to actually go about the business of verifying them.

The most commonly used method of scanning is optical scanning. An optical scanner has a CCD sensor (Charge Coupled Device) similar to the ones used in digital cameras. There is an array of light sensitive diodes (photosites). When these diodes come in contact with light, they generate an electrical signal. Every photosite records a pixel representing the light it came in contact with.

An analogue to digital converter (ADC) system in the scanner processes the electrical signals to generate digital representations of the image. It is not necessary that the same kind of light falls on all diodes. So what is generated is a mix of dark and light areas, which together make up the image.

The process begins as soon as you place your finger on the glass plate. The scanner has its own source of light (mostly an array of LEDs) which illuminate the finger and the CCD inside takes a picture of the finger. But it doesn't just rush off to match it with the images in the database. It first checks for the integrity of the image in terms of contrast, sharpness and sheer quality.

The system checks the average pixel darkness, or, might employ a sampling technique and check the overall values in a small sample area. If the image is too dark or too light, it is rejected. Exposure settings are then accordingly adjusted and the print rescanned.

If the exposure level is found to be correct, it goes on to check the image definition (sharpness of the fingerprint). It does so by analysing several straight lines moving horizontally and vertically across the image. If the definition is good, a line running perpendicular to the ridges will comprise alternating segments of light and dark pixels. If this is found to be in order, the scanner proceeds to comparing the captured fingerprint with those in the database to see if it can find a match.

Matching of prints is a fairly complex process in itself and is far removed from the super-imposing method commonly shown in films.

This is so because smudging (due to scan surface or oily fingers) can make the same print appear different in different photos. Also, scanning and matching the entire finger consumes a lot of processing power.

Instead, the scanners compare specific features of the fingerprint (called minutiae). These points are generally places where ridge lines end or bifurcation occurs. The idea is to measure the relative positions of the minutiae; much the same way that people used to navigate in ancient times by using relative positions of stars in the sky to get their bearings.

Depending on the algorithm, a specific number of minutiae must be matched for the print to be accepted. Despite the various sums and checks in the system, fingerprint scanning is not even remotely a foolproof system. If you look around on the Internet, you will find a truckload of sites giving detailed instructions on how to go about faking fingerprints! In fact, in a recent study at Yokohama National University, Japan, scientists easily fooled even the latest fingerprint systems using fake prints made out of gelatine.

Retinal Scanning
Despite being shown as the absolute cutting edge, retinal scanning is actually rather old in the chronology of technology innovations and research on this started way back in the 1930s. For the retina to be scanned, the user looks through a small hole in the scanning device and focuses on a particular point for the time period during which, a low intensity light and a CCD analyse the layer of blood vessels at the back of the eye for matching patterns (akin to fingerprint checking) and validate or repudiate the persons identity.

This technology is still not in the public domain (unlike fingerprint recognition, which is) and is used only to secure highly sensitive security areas.

Unlike fingerprints, there is absolutely no known method of replicating a person's retina and to use a dead person's retina is no good as it deteriorates too fast to be of any help.

Iris Scan
Iris Scan, though relating to the eye (like retinal scan) uses a completely different method of identification. The Iris is the coloured ring surrounding the pupil. The scan analyses the features that exist in this coloured tissue.

Over 200 points can be used for comparison such as the rings, furrows and freckles. The scan is done with a regular camera and the subject stands about a foot from the lens (of the camera) so it is a lot more convenient.

The Iris pattern is much more unique than a fingerprint. A statistical analysis puts the probability of two irises matching at 1 in 10 to the power 78 while the population of humans on earth is roughly 7 billion that is 7 to the power 9.

Facial Recognition
While fingerprinting and retinal scanning are relatively easy to administer, since the people going through the process are aware of it and are consenting to subject themselves to these measures, the main application of facial recognition is in security wherein the software is expected to pick a face out of, say, thousands of passengers at the airport, and match it with a database of wanted criminals and positively state whether or not that face belongs to the guilty party.

How Facial Recognition Works
To make the computer recognise a face from a picture or a video feed is quite an achievement in itself, but a bigger achievement is to identify clearly if the face is that of the wanted man or not.

every face has certain characteristics and distinguishable features, which allow us to differentiate between two people

If you look in the mirror, or at a persons face for that matter, you will notice that every face has certain characteristics and distinguishable features, which allow us to differentiate between two people. The equipment used here is not really too fancy or cutting edge, and the brains for this lie entirely in the software.

The software divides the face into 80 nodes, some of the common ones being distance between eyes, width of nose, and depth of eye sockets, cheekbones, jaw line, and chin. The system generally needs to match between 14-25 nodes in order to obtain a positive ID.

Now, obviously, there are a lot of people coming in and out of a place where this system is set up (stadiums, airports etc). The real challenge is to recognise a face instantaneously. To facilitate this, a database is created with the help of an algorithm, which goes through the characteristics of the faces and stores them as a string of numbers. This string is called a face print.

The following are the broad steps utilised by facial recognition software.

Face Detection: The camera pans around looking for a face. The minute it encounters a face, it starts scanning it and proceeds to identifying the various nodes and taking measurements if possible

Detection of Orientation: Once the face is detected, the system determines the head's size and position. Generally, a face needs to be around 40 degrees towards the camera for the system to register and analyse it

Mapping: The facial image is scaled down to the level of the images in the database and is then rotated and otherwise adjusted to match the formatting of the images in the database.

Encoding: The algorithm then converts the face into a face print based on the pre-defined criteria programmed into the algorithm.

Matching: This new data is then used as a filter to sort through the database of faces at super fast speeds to come up with a match.

Since it uses a variety of nodes, simple alterations of the face will not fool it; however, twins might; so the system is certainly not infallible.

Voice Recognition
Like fingerprints and face attributes, every person has a unique speech pattern. Voice recognition works by first storing voice patterns and then using them as a database to authenticate a subject.

With biometrics, our movements from office to work could be tracked easily using various security cameras deployed on the road

Voice recognition is often confused with speech recognition, which is a technology that converts speech to text and the conversion software needs to go through extensive training by the user before any suitable and acceptable results are obtained.

Voice recognition works by noting a person's voice (physical characteristics of the vocal tract, the harmonic and the resonant frequencies) and converts it into an audio file which is known as a voice print.

During the creation of a voice print, the subject is asked to choose a phrase and asked to repeat it. The phrase should be 1 to 1.5 seconds in length since a smaller phrase provides the system with too little data, and beyond that, too much data. Both of these conditions result in reduced accuracy. The problem with voice recognition does not lie in its integrity since it's near impossible to fake a voice. The problem lies with the technology we are using to implement it with.

In the confined environs of a test lab, the technology is at par with other biometric technologies but in the real world tests, it has to contend with background noise, weather conditions, audio source and the like. Consider these two scenarios:

First: First, say you need to get inside your house which is "voice-locked"; meaning it has a voice recognition-based security system.

Now, if there is a traffic jam on the street in front of your house, horns blaring, people screaming, the system might refuse to authenticate you due to too much background noise (try using voice dialling in your cell phone in room full of chattering people and you'll understand what we are talking about).

In fact, it might also fail to authenticate you if you have a sore throat or are suffering from a cold as it alters your voice (and hence the voice print) quite considerably!

Second: Voice recognition can use any plain audio source, such as telephones, cell phones, etc., to authenticate the user but herein lies the catch: if you use a different phone than the type used during registration (creation of voice print in the database), the system might not authenticate you. This happens because the voice data that the system receives might vary, due to the use of different quality microphones.

How Fingerprint Recognition Works
But, despite the limitations, voice recognition does have a lot going for it. The biggest is the cost saving as you do not need any special equipment. Any regular microphone will suffice as an input source. The added benefit is that voice recognition is the only technology that can give remote access to users and hence can have wide ranging applications from phone banking to remote login to secure servers but for that, the issues mentioned above need to be ironed out.

The case is of "Big Brother" breathing down your neck every time you turn around and do even something as mundane as boarding a train to office

Can Biometrics Be A Threat?
The single biggest argument against Biometrics is that it is a potential threat to privacy. The case is of "Big Brother" breathing down your neck every time you turn around and do even something as mundane as boarding a train to office. A US Soldier performs an iris scan on an Iraqi

The concern is genuine since individuals would most certainly lose their anonymity in a biometric dependent system. Privacy advocates claim that citizens have a right to anonymity while engaging in transactions such as online purchasing or in-person voting. If biometrics is used for authentication and identification (the line between these is being fast blurred by biometrics), our anonymity when using different systems or services is lost.

Biometrics would ensure accurate cross-database matching and extensive records about a person's habits, preferences and frequently visited places. As is the case today, this information database can then be sold to second and third parties, making sensitive or private information blatantly public and leading to invasive marketing campaigns and widespread harassment.

Even our movements from office to work would not remain private and could be tracked easily using various security cameras deployed on the road. A case in point is the cameras deployed on certain traffic signals in New Delhi that click a picture of your vehicle when you commit an offence such as jumping a traffic light. The police then send the picture along with a challan (traffic ticket) mentioning the date and time for you to pay the fine.

This could be extended to recognising your face and knowing your background. Judging by the rampant and all-pervasive corruption that we have, is it advisable to give such personal information to someone who can and probably will use it in any which way they like? Maybe not.
Privacy extremists extend this to a time when the computers matching the faces and giving backgrounds would themselves be smart enough to "know" who and what we are and harass us. This doomsday conspiracy, although interesting, is not likely to happen for sometime to come, but should certainly be thought of when implementing biometric solutions.

Biometrics For You
Biometrics is no longer the stuff sci-fi dreams are made of but is here in reality and lots of products incorporate one or another form of biometric security.

Microsoft recently launched a fingerprint scanner, which is compatible with Windows XP. This allows you to link your XP account with your fingerprint. So, instead of entering your password (at the XP logon or at any password websites) you just need to let it scan your fingerprints.

Even laptops from manufacturers like Fujitsu (S7010) and the Lenovo (previously IBM) T42 and the X-series tablet PC (costing over Rs 1,00,000) incorporate built in fingerprint recognition systems and replace the need for you to enter and remember any passwords!

India has not been left behind by the Biometric wave and we do have a few companies dedicated to Biometrics-based product development. Pune-based BioEnable (www.bioenable.co.in) and Mumbai-based Jaypeetex (www.jaypeetex.com) have products ranging from door locks to attendance registers to car immobilisers to computer mice. The Tirupati temple in Andhra Pradesh has deployed biometrics for crowd control and is also looking into incorporating it as a security measure.

During the recently concluded elections in Iraq, a system known as the Biometrics Automated Toolset (BAT) was extensively used to profile the local population. The BAT system stores a person's biometric data such as retina scans, fingerprints, facial data, and links it to names. This was incredibly helpful in, firstly, ensuring security and integrity of registration and the individual and secondly, in avoiding duplication as even with the help of an interpreter, names can be differently or incorrectly spelt.

A pilot project is on in the US where instead of swiping your credit card, you simply put your thumb in the fingerprint scanner in the ATM. This gets matched to the thumbprint in their database and the transaction is processed. Simple, secure and hassle-free. Just what technology should be.

The concerns over biometrics are not without reason. Biometrics can certainly be a powerful security tool to combat terrorism. In the end it is upto the people to decide whether the price of losing their anonymity is justified in order to gain the comfort of security.